<?php
 include "counter2.php";

// $self_url = "http://" . $HTTP_HOST . $REQUEST_URI;
// $self_url = "http://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];

   $name = $counter->get_input('name', '', 'get');
   $city = $counter->get_input('city', '', 'get');
   $country = $counter->get_input('country', '', 'get');
   $ustate = $counter->get_input('ustate', '', 'get');
   $email = $counter->get_input('email', '', 'get');
   $anything = $counter->get_input('anything', '', 'get');
   $limit = $counter->get_input('limit', 'number', 'get');
   $slowsearch = $counter->get_input('slowsearch', '', 'get');

 if (!$limit) {
     $limit = 20;
 } 

pagestart(); ?>
<html>
<?php pagehead(_("Search for an user")) ?>
<BODY bgcolor="white">
<?php pagetop(_("Search for an user")) ?>
<?php print _("Note: Use the SQL \"anything\" symbol % for substring match, not the Unix *.") ?>
<br>
<?php print _("You can't search for frozen entries using this. Use the") . " <a href=\"freetextsearch.php\">" . _("free text search") . "</a> " . _("function instead."); ?>

<form action="<?php echo $self_url ?>">
<table>
<tr><td><?php print _("Name:") ?><td> <input name="name" value="<?php echo $name ?>">
<td><input type="checkbox" checked name="name_substring" value="substring">
<?php print _("Substring match") ?>
<tr><td><?php print _("City:") ?><td> <input name="city" value="<?php echo $city ?>">
<tr><td><?php print _("Country:") ?><td> <input name="country" size=2 value="<?php echo $country ?>">
<tr><td><?php print _("Email:") ?><td> <input name="email" value="<?php echo $email ?>">
<tr><td><?php print _("User State:") ?><td>
<select name="ustate">
<option value="" selected><?php print _("Anything") ?>
<option value="ok"><?php print _("OK") ?>
<option value="bad"><?php print _("Bad (to be frozen)") ?>
<option value="blocked"><?php print _("Blocked (no email please)") ?>
</select>
<tr><td><?php print _("Anything") . ":" ?><td> <input name="anything" value="<?php echo $anything ?>">
<tr><td><?php print _("Limit:") ?><td><input name="limit" value="<?php echo $limit ?>">
	<input type="checkbox" name="slowsearch" value="yes"> <?php print _("Force  searches that will be slow") ?>
</table>
<?php print "<input type=\"submit\" value=\"" . _("Search") . "\">" ?>
<?php print "<input type=\"reset\" value=\"" . _("Clear") . "\">" ?>
</form>

<?php
if ($name || $city || $country || $ustate || $email || $anything) {
#    if ($ustate == "frozen") {
#        $search = "select users.f_key, users.email, users.state as ustate from users, frozen where users.state = 'frozen' and users.f_key = frozen.owner and frozen.ftable = 'persons' and frozen.f_raw like '%$anything%'";
#     } else {
            if ($email) {
	        $search = "select users.f_key, name, users.email, city, country, users.state as ustate from users left join persons on users.f_key = persons.f_key, email where users.f_key = email.owner and  ";
	        $ands[] = "email.f_key like '$email'";
	    } else {
	        $search = "select persons.f_key, name, users.email, city, country, users.state as ustate from persons, users where users.f_key = persons.f_key and ";
	    }
	    if ($name) {
                if ($name_substring == 'substring') {
                        $ands[] = "name like '%$name%'";
                } else {
                        $ands[] = "name like '$name'";
                }
            }
	    if ($city) { $ands[] = "city like '$city'"; }
	    if ($country) { $ands[] = "country like '$country'"; }
	    if ($ustate) { $ands[] = "users.state like '$ustate'"; }
	    if ($anything) { $ands[] = "persons.f_raw like '%$anything%'"; }
	    $search .= join(" and ", $ands);
#     }
        print _("Search expression is") . " \"$search\"<br>\n";
	// Try to figure out how complex this query is, and stop if
	// it's excessively complex
	$complex = mysql_query("explain $search");
	if (!$complex) {
		print mysql_error();
		die("Query for explanation failed");
	}
	$complexity = 0;
	while ($arr = mysql_fetch_array($complex)) {
	     print $arr["table"] . " " . $arr["rows"] . "<br>";
	     $complexity += $arr["rows"];
        }
	if ($complexity > 10000 && $slowsearch != "yes") {
	   print _("This fetches more than 10000 rows. Please specify more information.");
	} else {
           flush();
           ob_flush(); # php overkill
  	   $query = mysql_query($search);
	   if (!$query) {
		print mysql_error();
		die("Query failed");
	   }
	   $rows = mysql_num_rows($query);
	   if ($rows == 0) {
		print "<p>" . _("Nothing found") . "\n";
	   } else {
		print "<p>$rows " . _("entries found") . "\n";
		if ($rows > $limit) {
			print "<br>" . $limit . _(" first matches shown") . "\n";
		}
		print "<table border>";
		$countix = 0;
		while ($arr = mysql_fetch_array($query)) {
			print "<tr><td>";
			print "<a href=\"/cgi-bin/adm/display-person.cgi?user=$arr[f_key]\">";
			print $arr[f_key] . "</a>";
			print "<td>" . $arr[name] . "\n";
			print "<td>" . $arr[email] . "\n";
			print "<td>" . $arr[city] . "\n";
			print "<td>" . $arr[country] . "\n";
			print "<td>" . $arr[ustate] . "\n";

			++ $countix;
			if ($countix > $limit) {
				break;
			}
		}
		print "</table>\n";
	   }
	}
}
?>


<?php pagebottom() ?>
</body>
</html>
